Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4o1R2FBcZj6e-H3dvoq6gTyMO5c.roa
File:                     4o1R2FBcZj6e-H3dvoq6gTyMO5c.roa (raw, json)
Hash identifier:          Y2BZJutr6kXsbubYQaM32HAUSVaCNx4SKpotog3j2Vk=
Subject key identifier:   E2:8D:51:D8:50:5C:66:3E:9E:F8:7D:DD:BE:8A:BA:81:3C:8C:3B:97
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0193061B219ABE6900BA58F606E9DA9C777F
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4o1R2FBcZj6e-H3dvoq6gTyMO5c.roa
Signing time:             Thu 07 Nov 2024 10:11:01 +0000
ROA not before:           Thu 07 Nov 2024 10:11:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213920
IP address blocks:        185.225.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:06:1b:21:9a:be:69:00:ba:58:f6:06:e9:da:9c:77:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov  7 10:11:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e28d51d8505c663e9ef87dddbe8aba813c8c3b97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:30:a3:4e:e9:e1:e2:d7:5b:91:b3:c6:92:fe:
                    6a:cc:00:92:f4:e5:92:cf:fa:34:4e:af:7d:f3:60:
                    1d:75:b1:35:a7:b1:4e:49:15:db:6a:9d:e9:46:56:
                    06:17:25:cf:71:71:88:f4:9a:85:c4:ae:bd:8f:e0:
                    ed:ec:c8:96:23:0c:ab:5f:76:16:ba:ba:8e:81:20:
                    dc:17:67:00:1c:48:5d:c5:4b:19:d2:2f:00:d0:14:
                    a4:fd:8f:f4:81:5b:fa:62:da:85:07:6e:90:bf:66:
                    27:d7:d9:d0:6b:aa:87:56:7a:32:04:74:0c:e0:16:
                    47:eb:eb:bd:62:0b:86:43:8a:0d:86:84:de:41:19:
                    51:e8:3a:56:d0:59:34:ad:81:64:f1:59:4e:fe:d7:
                    9b:c4:92:0e:b0:5c:36:7e:8c:36:2a:3a:43:58:06:
                    6e:72:b5:4e:62:0f:ce:f9:91:45:b0:26:b0:df:d7:
                    67:b2:6e:16:f3:89:89:79:fe:af:66:05:70:67:6d:
                    85:26:a5:3d:54:b4:89:16:a8:66:f0:b2:de:f6:0c:
                    d5:fc:ae:15:7a:4b:0a:e0:60:3b:16:19:f5:6a:69:
                    aa:cb:e4:f2:a5:8f:3c:06:d2:05:56:f5:a7:4b:61:
                    65:97:be:8f:ea:81:0c:7c:f9:36:e7:7f:46:95:8a:
                    f5:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:8D:51:D8:50:5C:66:3E:9E:F8:7D:DD:BE:8A:BA:81:3C:8C:3B:97
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4o1R2FBcZj6e-H3dvoq6gTyMO5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:b0:6b:30:e0:9b:bd:52:bf:07:0b:a0:dc:49:64:f5:1a:e2:
         50:53:b3:f6:1b:46:a3:6a:c8:16:3d:87:23:b6:85:98:a6:f9:
         b2:3c:1b:b2:ac:b4:ba:72:96:05:b4:f5:d0:93:0a:49:f7:0a:
         17:81:77:95:a0:54:da:0b:41:06:a2:e4:5c:21:1c:5e:ce:5b:
         40:aa:c5:2a:06:6c:9f:a1:66:f7:de:40:57:15:2b:fe:cf:da:
         da:54:85:a6:b1:4f:1a:fa:74:06:a2:65:90:65:14:92:af:00:
         5d:66:99:40:54:95:39:d2:23:e7:30:9e:ac:c0:0d:26:cc:9a:
         8a:72:5f:03:47:90:58:67:68:03:c6:83:76:06:47:b5:37:b6:
         c3:35:f3:b3:f2:b0:3b:dc:19:ac:03:bb:c3:0c:c2:80:0a:e8:
         00:3b:dc:27:56:2c:eb:3d:2a:39:de:61:45:6c:69:45:60:1c:
         44:4c:5a:3e:5e:88:7c:f7:dd:44:47:c7:80:d0:f8:cc:13:02:
         e3:8a:fd:14:05:49:9c:5a:e3:5e:ea:d4:04:06:f2:33:ac:78:
         89:fd:83:c8:61:22:d0:28:d5:6e:85:ed:ac:e4:75:f4:1f:15:
         f6:66:4b:c0:63:37:e8:00:4b:e5:e7:4e:d3:40:ed:33:b0:d2:
         53:aa:12:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMGGyGavmkAulj2BunanHd/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMTA3MTAxMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjhkNTFkODUwNWM2NjNlOWVmODdkZGRiZThhYmE4MTNjOGMzYjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9DCjTunh4tdbkbPGkv5qzACS9OWS
z/o0Tq9982AddbE1p7FOSRXbap3pRlYGFyXPcXGI9JqFxK69j+Dt7MiWIwyrX3YW
urqOgSDcF2cAHEhdxUsZ0i8A0BSk/Y/0gVv6YtqFB26Qv2Yn19nQa6qHVnoyBHQM
4BZH6+u9YguGQ4oNhoTeQRlR6DpW0Fk0rYFk8VlO/tebxJIOsFw2fow2KjpDWAZu
crVOYg/O+ZFFsCaw39dnsm4W84mJef6vZgVwZ22FJqU9VLSJFqhm8LLe9gzV/K4V
eksK4GA7Fhn1ammqy+TypY88BtIFVvWnS2Fll76P6oEMfPk2539GlYr13QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOKNUdhQXGY+nvh93b6KuoE8jDuXMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvNG8xUjJGQmNaajZlLUgzZHZvcTZnVHlNTzVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueEWMA0G
CSqGSIb3DQEBCwUAA4IBAQA2sGsw4Ju9Ur8HC6DcSWT1GuJQU7P2G0ajasgWPYcj
toWYpvmyPBuyrLS6cpYFtPXQkwpJ9woXgXeVoFTaC0EGouRcIRxezltAqsUqBmyf
oWb33kBXFSv+z9raVIWmsU8a+nQGomWQZRSSrwBdZplAVJU50iPnMJ6swA0mzJqK
cl8DR5BYZ2gDxoN2Bke1N7bDNfOz8rA73BmsA7vDDMKACugAO9wnVizrPSo53mFF
bGlFYBxETFo+Xoh8991ER8eA0PjMEwLjiv0UBUmcWuNe6tQEBvIzrHiJ/YPIYSLQ
KNVuhe2s5HX0HxX2ZkvAYzfoAEvl507TQO0zsNJTqhKL
-----END CERTIFICATE-----